NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
=============================================================================== Robb Kambic Unidata Program Center Software Engineer III Univ. Corp for Atmospheric Research address@hidden WWW: http://www.unidata.ucar.edu/ =============================================================================== ---------- Forwarded message ---------- Date: Tue, 15 Aug 2000 15:46:53 -0500 (CDT) From: David B. Bukowski <address@hidden> To: Pete Pokrandt <address@hidden> address@hidden Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd) But besides using telnet, too insecure, sniffers could pick up passwords as in telnet they are sent in plain text. (I haven't played with the SSL version of telnet yet) But a preferreed method which I am starting to enforce around here is use SSH (info on this product can be found at http://www.ssh.org/) Then besides using TCP wrappers you could use some type of ipfiltering capabilities... Linux supports IP chains in kernel version 2.2.16 and Sun I think has a ipfilter program or equivalent. Not sure on that so don't take my word on it, but I am almost positive it does. Windows computers heave a program that is a client to connect to ssh clients. Some of these are SecureCRT and another is teraterm. Just my 2 cents worth on security issues. -dave > > Of course, after doing that, you can no longer telnet into your > machines, which is a hassle, but it's better than getting hacked > into. I personally run the telnet daemon, but use tcp wrappers > to restrict what remote IPs can connect to it. It is not totally > secure, but eliminates a good portion of the risk associated > with the telnet daemon bug, without removing telnet access for > legitimate users. > > Anyways... Back to the inetd.conf's on my other 20+ SGIs... > > Pete > > -- > +>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+ > ^ Pete Pokrandt V 1447 AOSS Bldg 1225 W Dayton St^ > ^ Systems Programmer V Madison, WI 53706 ^ > ^ V address@hidden ^ > ^ Dept of Atmos & Oceanic Sciences V (608) 262-3086 (Phone/voicemail) ^ > ^ University of Wisconsin-Madison V 262-0166 (Fax) ^ > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+ > ------------------------------------------------------------------------------- David B. Bukowski |email (work): address@hidden Network Analyst |email (personal): address@hidden College of Dupage |pager: (630) 266-7775 Glen Ellyn, Illinois |work phone: (630) 942-2591 -------------------------------------------------------------------------------